[Samba] permissions weirdness

L.P.H. van Belle belle at bazuin.nl
Fri Mar 25 08:35:32 UTC 2022


Set initial POSIX perms

setfacl --recursive --remove-all  folder
chown -R root:"AD\Domain Admins" folder
chmod -R 2775 folder

Folder      2775 root:"AD\Domain Admins", everyone has access only because of the last 5.

folder/IT   2770 root:"AD\IT", "AD\Domain Admins" inherits, you add "Domain Users" RW and "AD\IT" RWX
            and add "Creator Group" full control

(* assuming AD\IT is a group) 

Where "AD\Domain Admins" is the manager of the folders.
"AD\IT" is the security group to control access in/out. *(all except full control)
"Domain Users" is used and gets the rights on files *(primary group is domain users) *(all except full control)

Full control is only needed if you want these users to have the ability to change the rights.

Try above. 

And, I suggest, remove acl_xattr:ignore system acls = yes in the Global and share first.
Then try above; if not your expected result, then add it back on the share only.
Then check/set rights again.

Test again. 
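
Added example, not part of the original post: a script that applies the 2775 and 2770 modes from the message to a constructed scratch tree and checks what they mean for "other" and for the setgid bit on newly created directories. The function names are hypothetical, GNU or busybox stat on Linux is assumed, and the chown to the AD groups is left out because those groups only exist on a domain member.

```shell
#!/bin/sh
# Added example: the POSIX modes from the post, on a constructed scratch tree.
# No chown to "AD\..." groups here; the current user's group stands in for them.

mode_of()  { stat -c '%a' "$1"; }   # octal mode, e.g. 2775
group_of() { stat -c '%g' "$1"; }   # numeric owning group

# "other" can enter a directory only if the last octal digit has the x bit (1).
other_can_enter() {
    last=$(mode_of "$1" | sed 's/.*\(.\)$/\1/')
    [ $(( last & 1 )) -eq 1 ]
}

# setgid on a directory is the leading 2 of the four-digit mode.
has_setgid() {
    m=$(mode_of "$1")
    [ $(( 0$m & 02000 )) -ne 0 ]
}

# Build folder/ and folder/IT with the modes from the post, then create a
# directory afterwards, the way a user would, to see what it inherits.
build_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/folder/IT"
    chmod -R 2775 "$root/folder"     # top level: others get r-x via the last 5
    chmod 2770 "$root/folder/IT"     # subfolder: nothing for "other"
    mkdir "$root/folder/IT/new"      # inherits group and setgid from its parent
    echo "$root"
}

# Report on the constructed tree, then clean up.
scratch=$(build_tree)
for d in folder folder/IT folder/IT/new; do
    if other_can_enter "$scratch/$d"; then o=yes; else o=no; fi
    if has_setgid "$scratch/$d"; then s=yes; else s=no; fi
    printf '%-14s mode=%s gid=%s other-can-enter=%s setgid=%s\n' \
        "$d" "$(mode_of "$scratch/$d")" "$(group_of "$scratch/$d")" "$o" "$s"
done
rm -rf "$scratch"
```

The mode of folder/IT/new depends on the umask of whoever creates it; only the setgid bit and the owning group come from the parent directory.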


